77

I'm able to ping my Ubuntu box via command: (where c2h2ttt is listed in /etc/hosts)

c2h2@c2h2crawler:~/ttt$ ping6 -I eth1 c2h2ttt
PING c2h2ttt(c2h2ttt) from fe80::21b:21ff:fe22:e865 eth1: 56 data bytes
64 bytes from c2h2ttt: icmp_seq=1 ttl=64 time=10.3 ms
64 bytes from c2h2ttt: icmp_seq=2 ttl=64 time=2.06 ms
64 bytes from c2h2ttt: icmp_seq=3 ttl=64 time=1.33 ms

And when I try ssh -6 c2h2ttt it shows: 

c2h2@c2h2crawler:~/ttt$ ssh -6 c2h2ttt
ssh: connect to host c2h2ttt port 22: Invalid argument

What's the correct command?

On the server side /etc/ssh/sshd_config has:

ListenAddress ::
ListenAddress 0.0.0.0

I was able to ssh to c2h2ttt via ipv4 on port 22. and netstat -lnt | grep :22 is

root@c2h2think:~# netstat -lnt | grep :22
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN

ufw is used and its allowing any inbound traffic on port 22

root@c2h2think:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere

And the iptables configuration:

root@c2h2think:~# ip6tables -L -v -n
Chain INPUT (policy DROP 55 packets, 10758 bytes)
pkts bytes target     prot opt in     out     source               destination 
    0     0 ACCEPT     all      lo     *       ::/0                 ::/0        

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
    0     0 ACCEPT     all      *      lo      ::/0                 ::/0
Andrew Marshall
  • 382
  • 1
  • 2
  • 15
c2h2
  • 2,363
  • 3
  • 18
  • 18

3 Answers3

116

Try specifying the interface to the ssh client. The ping6 utility allows you to specify an interface, however ssh does not have a switch for that, you have to use this syntax:

ssh -6 fe80::21b:21ff:fe22:e865%eth1
John T
  • 163,373
  • 27
  • 341
  • 348
  • 2
    wow, it works thanks! just because the eth1 problem – c2h2 Jan 24 '11 at 07:24
  • 3
    tried that, worked for me, too! Why does one have to specify the interface? – Max Beikirch Feb 28 '15 at 21:05
  • 13
    @MaxBeikirch because EVERY fully operational network interface will have an fe80: address. So, the system does not know which interface to send the traffic to. This is a traffic routing issue. For other addresses, the system often makes intelligent choices because the computer assigns routes to "nearby" addresses (meaning addresses in the same subnet), but that doesn't work with fe80: since all network interfaces are part of the same subnet. – TOOGAM Aug 17 '15 at 22:28
  • 1
    @TOOGAM How can I specify the interface postfix for a host in `~/.ssh/config`? – PVitt Jun 05 '16 at 16:14
  • 1
    @PVitt : The usual way is to specify a system identifier (such as an IP address), and then tack on a percent sign, and then an interface name, as demonstrated by the answer which tacked on %eth1 to the end of the IPv6 address. eth1 was the interface identifier. If that doesn't work, check the [man page for OpenSSH's file named config](man.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5), and if that doesn't help, consider making a new question (on SuperUser) with more precise details so we can help you further. – TOOGAM Jun 05 '16 at 21:10
  • Does it have to be an IP address, or would the host name also work? E.g. `ssh -6 c2h2ttt%eth1` – Dmitry Grigoryev May 31 '17 at 14:55
  • %eth1 will be needed only for `link-local` ip6addresses – Ramana Reddy Nov 10 '17 at 11:18
  • 1) Is eth1 relative to the server or the client? 2) Ubuntu 19 doesnt have ethX... it has this weird enp0s3.. any work around that? – TaeWoo Apr 06 '20 at 21:01
9

Link local addresses aren't supposed to be used for SSH, they're for low-level protocol bootstrapping stuff. If you don't have an ISP-provided prefix to use on your network, then generate a unique-local prefix from fd00::/8 instead:

http://en.wikipedia.org/wiki/Unique_local_address

Paul
  • 107
  • 2
  • // , How does one access an IPV6 address that is routable in the global IPv6 Internet, though? – Nathan Basanese Jul 02 '15 at 08:29
  • @NathanBasanese: Your ISP has to provide you with IPv6 service or you set up a tunnel with one of the IPv6 brokers, like [Hurricane Electric](https://tunnelbroker.net/) – Radu C Jul 07 '15 at 17:19
  • 4
    Link local addresses are network addresses. If you want to use them for SSH, go ahead. Just know how to handle any complication(s), like what this question and John T's answer discuss. I've had a case where a ULA (fd00::/8) did not get assigned as hoped. In that case, SSH using a link-local (fe80::/16) worked great. I avoid link-local only because of the hassle of dealing with the routing (needing to specify an interface), but not because the addresses are technically any less capable of sending or receiving traffic. – TOOGAM Aug 17 '15 at 22:32
1

To connect SSH IPv6 you most have IPv6 ISP connectivity on your computer and than try as.

root@hostname[~]# ssh -6 2205:f200:40:401::9ab4:8b43

and this command it will ask first time to confirm SSH key. than type Y/Yes

Note: 2205:f200:40:401::9ab4:8b43 mean Your IPv6. This Only example of IPv6 so don't forget to replace you IPv6.

Shiv Singh
  • 119
  • 3